Valve has issued an update from Gabe Newell with more on the breach of the Steam service late last year. Apparently more information was compromised than was originally believed:

Dear Steam Users and Steam Forum Users

We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Beelzebud wrote on Feb 10, 2012, 21:39:They've been too quiet about this, and hiding these messages on their forum, where most users never go, isn't the way this should be handled.

This should be emailed to everyone on their list, not left up to gaming sites to report on it.

At this point, Sony is looking more forthcoming on information. At least when they screwed up they offered people a free game.

They told everyone more or less as soon as it happened. And I don't know about everyone else, but I DID get an email with all the information when it happened. It wouldn't surprise me if this got sent out, too.

Marvin T. Martian wrote on Feb 10, 2012, 21:11:No notice that is has been fixed and it will never happen again. No acknowlgement or apology for their lax security measures and that it won't happen again.

There was an apology for it. If I remember right, Gabe specifically said in his message notifying users, "I apologize and am extremely sorry this happened."